Amendment 46 


To the Contract for the Design, Implementation, Operation and Maintenance of 

the Regional Fare Coordination System 

This Amendment 46 to the Contract for the Design, Implementation, Operation and 
Maintenance of the Regional Fare Coordination System is entered into this ou tlay of 

UiDlC'y __, 2009, by and between ERG Transit Systems (USA) Inc, a 

California corporation and wholly owned subsidiary of ERG Limited, an Australian 
corporation, (hereinafter referred to as the “Contractor”) and each of the following seven 
public transportation agencies (hereinafter referred to individually as an “Agency” or 
collectively as the “Agencies 11 ): 

1. Central Puget Sound Regional Transit Authority ("Sound Transit") 

2. King County ("King County") 

3. Kitsap County Public Transportation Benefit Area ("Kitsap Transit") 

4. Pierce County Public Transportation Benefit Area (“Pierce Transit”) 

5. Snohomish County Public Transportation Benefit Area ("Community Transit") 

6. City of Everett (“Everett”) 

7. State of Washington, acting through the Washington State Department of 
Transportation, Washington State Ferries Division ("WSF") 

Recitals 


A. Effective April 29, 2003, each of the Agencies and the Contractor entered into 
Contract #229944 (“Contract”) to implement a Regional Fare Coordination System 
(“RFC System”) to establish a common fare system utilizing smart card 
technology. The Contractor is responsible for the development, implementation, 
operation and maintenance of the RFC System as specified in the Contract. 

B. Under Section 3.1-11 of the Contract, the Contractor is required to undergo 
a security audit by an outside firm by May 31 of each year. 

C. The Agencies have reviewed the Contractor's proposed scope for the 2009 
security audit and have requested that the Contractor add certain tasks to 
the scope of work of its audit firm. The Contractor is willing to add the tasks 
provided the fee for said added work is reimbursed by the Agencies. In the 
interests of avoiding disputes and delays in obtaining the benefits of the 
added tasks, the Agencies are willing to reimburse the Contractor on non- 
precedential basis for the added fees due to the outside firm that will 
perform said added tasks. 
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Agreement 


NOW, THEREFORE, in consideration of the mutual covenants contained herein, the 
sufficiency of which is hereby acknowledged, the Parties hereby agree to the above 
Recitals and the following: 

Section 1.0 Added Tasks for 2009 Security Audit 

The Contractor agrees to add the following tasks to the Contractor’s (Moss Adams 
Phase IV) scope of work to perform the 2009 Internal Security Audit of OpCo and 
the Disaster Recovery Center as required by Contract No. 229944. These 
additional tasks are as described in the Agencies’ mark-up of the ERG/Moss 
Adams scope of work returned to ERG on April 13, 2009. In summary the 
additional tasks include: a) a security assessment of the key and encryption 
structure and strategy for the DESFire card, focusing primarily on the effectiveness 
of encryption keys and strategies to deter attack and mitigate the potential of card 
cloning and spoofing; b) a security assessment of message handling and 
encryption for card-reader communications, including provisions to mitigate 
eavesdropping on the communications between the card and reader and mitigate 
against "relay" attacks. This should include an identification of what information is 
transmitted with "cleartext" (e.g. the card serial number) versus what is encrypted; 
and c) an assessment of potential security risks, impacts and mitigation for the 
following "what if' scenarios (paper assessment only - scenarios do not require 
physical testing): Scenario 1: A Terminal Revalue Unit (TRU) is stolen from a 
retailer and not reported as such; Scenario 2: An Onboard Fare Transaction 
Processor (OBFTP) is stolen from inventory without the awareness of the transit 
agency; Scenario 3: A Portable Fare Transaction Processor (PFTP) is stolen 
without the awareness of the transit agency; and Scenario 4: A legitimate ORCA 
card is successfully cloned. The final audit report should be delivered to the 
Agencies for their review and comment no later than July 10, 2009. 


Section 2.0 Reimbursement of Contractor 

Section VI (Implementation) of Exhibit 9, Price Schedule, is hereby amended to read 
follows: 


VI. IMPLEMENTATION 


SPECIAL PROGRAMS 

LUMP SUM 
COST 

Original Contract 


A. PARATRANSIT 

$70,476 

B. VANPOOL 

$70,476 


Change Order No. 1 
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A. KCM RCU Conceptual Design 

(Not to Exceed plus reimbursable travel expenses) 


Change Order No. 11 


WSF GAK Implementation 


Change Order No. 15 


WSF Gate & POS Simulator 


Change Order No. 16 



KT PFTP Implementation 


1. Phase 1 FDR through Beta Test Readiness 


2. Phase 2 After Beta Test Readiness _ 

TOTAL IMPLEMENTATION: 


Change Order No. 18 


KCM DDU Functionality when ARI enters Init Mode 


Change Order No. 19 


KCM DDU Auto Logoff and Power Down 


Change Order No. 20 


Beta Card Production 


Change Order No. 25 


CST Monitors for Beta Test Developmental Units 
5 CSTs @ $800 each 


Change Order No. 29 


Addition of Cardholder Website content to Call 
Center & Walk-in Center training courses and 
materials 


Change Order No. 30 


Revise card graphics to include 8-digit Card Serial 
Number on the card 


$26,795 


$241,584 


$24,614 


$79,698 


$46,683 

$126,381 


$10,985 


$7,054 


$20,000 


$4,000 


$3,675 


$2,072 


Change Order No. 31 


CST Functionality to override card printing 
requirements 


$6,637 


Change Order No. 34 


Cardholder Website change to perform certain 
functions (items #9 through 13) in Figure 11-1.1 for 
both Registered and Unregistered Cards 


$33,067 
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Change Order No. 35 


UW Card serial number placement on back of 

$896 

Campus Card 



Change Order No. 36 


WSF Commercial Account Card requirements 


$37,815 


Change Order No. 37 


Data Update Functionality 


$83,189 


Amendment No. 31 


Change fare card Primary Graphics and Primary 

$2986 

Printing requirements for Standard and Disposable 


Fare Cards as well as the Secondary Printing 


requirements for Business Account and Operator 


Cards. 



Amendment No. 34 


Change the Regional Reduced Fare Permit (RRFP) 

$5159 

card front and back primary and secondary 


graphics. 



Amendment No. 37 


Modify the existing report, Institutional Card Status 
Report, to remove the first and last name fields and 
to add a new field to indicate if the card is 

$3750 

“registered”. 



Change Order No. 39 


Business Account Web Changes 


$9,108 


Change Order No. 36 


WSF Commercial Account Card requirements 


$45,315 


Change Order No. 37 


Data Update Functionality 


$83,189 
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Amendment No. 46 


Contractor shall add tasks to the Moss Adams 2009 
(Phase IV) Internal Security Audit of the OpCo and 
the Disaster Recovery Center as summarized in 
Amendment 46 Section 1.0 and described in the 
April 13, 2009 Agency comments on the Moss 
Adams Scope of Work. 

TOTAL 


$6,200 


Section 3.0 

All other provisions of the Contract not referenced in this Amendment 46 shall remain in 
effect. 

IN WITNESS WHEREOF, authorized representative of the Agencies and the Contractor 
have signed their names in the spaces provided below. 


ERG Transit Systems (USA) Inc. 

By: _ 

Its:_ \ A' • <<; 

Date:_ Q^/zkl-ynt'l _ 


The Agencies 

By: 

Their: (Lfafaet 

On behalf of the Agencies 

Date: {£ h?. '200*1 _ 
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